Linear Cryptanalysis Differential Cryptanalysis

Linear cryptanalysis is a known plaintext Differential cryptanalysis can be defined as a

attack, in which the attacker studies general style of cryptanalysis that is basically
probabilistic linear relations called a available to block ciphers, cryptographic hash
linear approximation among parity bits of functions. It involves a precise analysis of how
the plaintext, the Ciphertext and the differences in information input can influence the
hidden key. resulting characteristics at the output.
In linear cryptanalysis, the aspect of the
cryptanalyst is to recognize the linear By comparing the changes in some selected
relation between several bits of the plaintexts, and the difference in the outputs
plaintext, there are some bits of the resulting from encrypting each one, it is applicable
ciphertext, and few bits of the unknown to find several keys.
key.
In linear cryptanalysis, the cryptanalyst
In differential cryptanalysis, the changes to the
decrypts each cipher using some
intermediate cipher text are acquired between
applicable sub keys for one round of
multiple rounds of encryption. The attacks can be
encryption and studies the resulting
combined, and this can be defined as differential-
intermediate cipher text to compare the
linear cryptanalysis.
random outcomes.

KMS Key Encryption

Unencrypted data can be read and seen by anyone who has access to it, and data stored at-rest
or sent between two locations, in-transit, is known as ‘plaintext’ or ‘cleartext’ data. The data
is plain to see and can be seen and understood by any recipient. There is no problem with this
as long as the data is not sensitive in any way and doesn’t need to be restricted.

However, on the other hand, If you have data that IS sensitive and you need to ensure that the
contents of that data is only viewable by a particular recipient, or recipients, then you need to
add a level of encryption to that data.

But what is data encryption?

This course answers that question by first explaining at a high level what symmetric and
asymmetric encryption is, before diving into how the Key Management Service (KMS) can
help you achieve the required level of encryption of your data across different services.

You will understand why KMS is key to your data security strategy within your organization
and how you can use this service to manage data encryption through a series of different
encryption keys, either KMS generated or by using your own existing on-premise keys

Privacy is the right to control how your information is viewed and used, while security is
protection against threats or danger. In the digital world, security generally refers to the
unauthorized access of data,

The New Secret Weapon in Breach

Detection: Math and Data Science
he days of looking at log files to find security breaches are long gone. Don't get me wrong —
log files are still useful. They are vital to confirming a breach and its cause, and necessary for
forensics and remediation workflows. But manually sifting through logs to identify trouble is
a waste of time in an era during which data grows exponentially, seemingly by the hour. This
is further compounded by the complex interconnectedness and opacity of the digital supply
chain necessary to deliver modern services.

For many of us, sitting through high school and college math courses, such as calculus,
spurred a common question: "When am I ever going to use this in real life?" But for those of
us that found our way to the information security world, the answer to that question is "now."

It's time for organizations across industries to take a page from the financial services book
and use math and data science to assess the probabilities of a breach. Specifically, security
teams can leverage time series data to build mathematical models that describe user behavior,
and then look for anomalies and assign a probability that something is wrong.

Here are some of the elements and basic concepts of math and data science that organizations
can use to improve their breach detection:

 Derivatives. The word "derivative" may sound fancy, but it essentially means the rate
of change with respect to time. For our purposes, a sudden increase in the number of
authentication failures per unit time (per hour, per day, and so on) is a derivative
worth watching. For example, if authentication failures jump from five or ten per day
to 100 or more, it's a sign that a breach is being attempted (best case) or has already
happened (worst case). Here you want to look at the derivative of a function rather
than the quantity.

 Mathematical models. Another concept that's useful in our field is building

mathematical models of asset behavior. For example, think of a software-as-a-service
product or platform as an asset. How can we provide a baseline norm that can then be
used to spot anomalies? You might model GitHub if you use it as a code repository by
monitoring metrics over time for some set of critical operations, such as "clone,"
"merge," "delete," "add user," or "generate access token."

 Cardinality. These examples can also include the notion of cardinality — the number
of elements of a set. This could be logins from known devices, in that we are looking
for a change in the quantity of specific critical operations to represent a possible
indicator of compromise. But in order to derive this, we first need to "learn" it. As a
basic example, say the number of devices used to log in from a CEO is almost always
three per day — one on their phone, one on their tablet, and another on their laptop. If
that number grows to four or five, it could be that the CEO started working on a new
device or two (still worth confirming). But if it jumps significantly, there is a high
probability of a breach.

Many organizations and security teams still do breach detection the old-fashioned way,
collecting and searching logs for patterns or regular expressions from any and everywhere,
but it's clearly not adequate. Again, logs are still useful for forensics. But to limit the window
of exposure and improve time-to-detection so that remediation activities can be initiated
sooner, combining time series data with math and data science principles is proving to be
extremely valuable.
https://www.cybersecurityworkshop.org/

abstract: August 13, 2023 (Last Round)

1. Security Testing Before Database Deployment

Most databases go through just functional testing ensuring its supreme performance.
However, security testing of databases shall be done as well to check that the databases are
not doing things that they shouldn’t be doing.

2. Default, Blank, and Weak Username/passwords

An organization may have hundreds or even thousands of databases. And it may be a pretty
tough job to keep all of them under control. A very good step towards a better database
security is to remove default, blank and weak log-in credentials. Hackers usually keep track
of default accounts and use them whenever they have this chance to hack databases.

3. SQL Injections

Maybe the most popular method to get sensitive data from any database for hackers. A
malicious code is embedded into web applications connected to databases. As a result,
cybercriminals may have unlimited access to sensitive data inside databases. So, the best way
to protect information from SQL attacks to protect web-facing databases with firewall and to
keep in mind SQL injections threat and take proactive actions at the development stage.

4. Extensive user and user group privileges

All user privileges shall be taken under strict control. Users should have access only to the
data they really need to do their jobs. However, it’s often the case when ordinary users may
have superusers privileges which is very bad for database security. Many researchers
recommend using group-based approach to privileges, that is making users part of a group
and managing the privileges of the group collectively instead of assigning direct rights.

5. Missing Security Patches For Databases

According to researchers more than a third of assesses databases are missing security updates
or running old version of the software. In many cases the majority of these systems were
lacking database security patches more than a year old. Definitely, this is the fault of database
owners and administrators who for some reasons find it difficult to apply the relevant
patches. Such cases show that many companies don’t have a reliable and consistent patch-
management and database security system. This fact is very worrying.

6. Audit Trail Tracking and

About a third of databases have database auditing either missing or misconfigured. However,
this is a critical feature what helps to track and audit all database events. So, every single
instance of data modification and access is immediately registered. Not tracking all the
database events makes it more difficult when it comes to forensic investigation if a breach
occurs. Some database administrators may think that this feature is not so important, but
practical experience shows that it is vital to have a database auditing tool when building a
database.

7. Database Backups

Threats to databases may come from inside and outside. And in many cases companies are
thinking about internal threats more than about external. Business owners can never be 100%
sure of the company employees’ loyalty. Almost anyone who has unrestricted access to data
can steal it and sell on the Dark Web. Usually when people think about database protection
they think about original database they want protected and forget about database backups,
security of which should be treated with the same seriousness and care. This point brings us
to the next point below.

8. Poor Encryption and Data Breaches

Though it may seem obvious to you it may not be so obvious for database owners and
administrators that all data inside database be preferably in the encrypted form. It is true both
for the original database and database copies. There are network interfaces within the
databases which can be easily tracked by hackers if your data is not encrypted.

9. Denial-of-service Attacks

A Denial-of-Service (DoS) attack is a type of an attack that hackers and cybercriminals use to
shut down a machine or network, making it inaccessible to its intended users through
flooding the target database with traffic or queries. As a result, database users can’t retrieve
any information from databases which makes them useless for different period of time. But
DoS attacks can be counteracted. Please read more articles on our Block section to learn
more.

10. Outdated Database Protection Tool And Compliance With sensitive data protection
regulations

Not all database protection systems are same. The IT technologies are developing, and,
unfortunately, hackers tools are developing too. That is why it’s vitally important to make
sure that your database protection systems are up-to-date. DataSunrise Database Security
Suite is a state-of-the-art database protection tool which can protect your database and data
inside from any threats both internal and external. Having a database protection tool in place
is a prerequisite for compliance with national and international sensitive data protection
regulations, for example, GDPR.

Cryptography and Cryptanalysis for relation database system: a critical review